Privilege separation is a csoft.net feature which enables the web server to access content (and execute PHP or CGI scripts) under separate Unix credentials (UID/GID) than that of your main account. Specific domains or subdomains can be configured to execute under specific UID/GIDs. If a script installed under example.com is hacked, any damage would be limited to the ~/www/example.com/ directory.

Creating a new sub-account

Any existing sub-account can be used for privilege separation. You can create a new account from the "Unix Accounts" section of the web interface, or using csoftadm: